meshU 2009 – writing (more) secure software

Today at the meshU conference I gave a talk about secure programming, with a focus on the web.  There were 2 token slides for the C and C++ devs out there, which ended up working perfectly because there were only two people in the room who wrote C/C++ 🙂

I mostly touched on stuff from OWASP’s vast collection of resources, specifically their top ten principles of secure programming, and their top ten web application vulnerabilities.  Slides are after the jump, but I wanted to include some related links to things which came up during the talk:

Enjoy the slides!  Slideshare messed up the formatting of the additional notes, so for full effect I’d download them from here.

Xelerance Google Summer of Code

I’m pleased to announce that I’m working with Xelerance this summer to mentor students participating in the Google Summer of Code program.  We have a bunch of interesting ideas up and have been talking with potential participants on IRC (#xelerance-gsoc on  We are mentoring three sets of projects, related to openswan, DNSSEC tools, and Off-The-Record Messaging.   If you’re interested in participating as either a student or mentor in any of these, I’m reachable at leigh at hypatia dot ca, and of course on freenode under the username hypa7ia.

This is the first year Xelerance (and I) have participated in the program.  I’ve been reading lots of the collected wisdom from previous years on the mentor email list and around the web.  I’ve really enjoyed talking with students so far and can’t wait to read the applications as they come in.


My posse of heroines

I’m going to buck the trend and not name names on my post for Ada Lovelace Day 2009.  Instead I want to salute the women of the Ubuntu Women project for making participating in Ubuntu and in Open Source software in general just a little more supportive, friendly, and welcoming.  Unless one comes into our spaces to troll or harass, in which case the banhammers are swiftly dealt 🙂

Over the years (and it’s been years now!) I’ve hung out in #ubuntu-women on freenode, participated in the mailing list, and run into U-W participants at conferences around the world.  Through this, I’ve gained an invaluable support network, a place to vent to my peers, a great group of male allies (by which I mean guys who support the U-W project), and a bunch of fantastic friends.

Ada Lovelace Day is all about role models, and I couldn’t ask for a better bunch of women to look up to than the ones I hang out with every day in #ubuntu-women.  Thanks for all the great conversations, and let’s keep working hard on bug number 1!

I would be remiss to not mention my friend Behdad Esfahbod’s post for ALD, because he picked me to write about.  I’m delighted and honoured that he wrote about me. ETA: looks like Joey DeVilla and Karen Fung did too!


HackLabTO Ignite at DemoCampTO19

I gave my first Ignite talk last week at DemoCamp.  If you’re unfamiliar with the format, you have 20 slides which advance automatically every 15 seconds, giving you a total of 5 minutes to talk.  It’s a fun format, but I was amazed at how much more quickly those slides flashed by when I was in front of an audience than when I was practicing.

My slides were mostly photos, and I had notes co-ordinated with them.  I’ve put the presentation on Slideshare, but they don’t share presentation notes well, so I’ll include them here.  The bullets are numbered the same as the corresponding slides.  Read them really fast and you’ll get an accurate impression of how my talk went (at least until the video gets posted, ruh roh).  Slides and notes below the jump.

Career talk at SpoofIT

I gave a talk a few weeks ago at SpoofIT, the IT Security club at UOIT.  I referred to a number of links and resources during the talk but haven’t had a chance until now to post a list of them.  I’ve also written up a little summary of the talk for those who missed it.  I owe a huge debt of inspiration to James Arlen’s talk at The Last Hope, which you can download at the hackermedia archive or on bittorrent at the HOPE tracker.  It’s the one titled “From Black Hat to Black Suit”.  He’s been doing this a lot longer than I have, so go watch his talk too 🙂

Tweets? In /my/ Facebook?

It’s more likely than you think!

While some people are very frustrated by the occasional spamminess of Twitter -> Facebook posting, and others posit that Facebook will eventually kill Twitter because the “conversation moves there”, I just like being able to update both places at once and don’t really care to make predictions either way.

Instead I want to post a quick field guide to Twitter for Facebook users.  Not because they should particularly go ahead and sign up, but to make clearer what all the @this and #that’s crapping up their news feeds are.  Because they do tend to open dialogs and conversations, but can be confusing sometimes too – I definitely think about how something will work on my FB feed before posting to Twitter.

25C3 Day 3

Paul and I turned in pretty early on Day 2 and managed to make the first talk on Day 3, though not without the assistance of Club Mate and Starbucks.  Day 3 was where things started to get really hairy in terms of being able to get into rooms to see the talks I wanted to see; I ended up missing the RFID talk I really wanted to see in favor of getting to the room for the Storm talk half an hour early.  But that’s what conference recordings are for, isn’t it!

As before, be sure to also check out Security4All’s post on Day 3 for a more Belgian perspective on things.

